Experiencing a Security Breach?

24 Hour Hotline: +1 (866) 659-9097 Option 5

General

+1 (312) 873-7500

Monday - Friday 8:00 AM - 6:00 PM CT (UTC -6)

Sales

Contact a Trustwave solution specialist.

+1 (888) 878-7817

Monday - Friday 8:30 AM - 5:30 PM CT (UTC -6)

Loading...

Blogs & Stories

SpiderLabs Blog

Attracting more than a half-million annual readers, this is the security community's go-to destination for technical breakdowns of the latest threats, critical vulnerability disclosures and cutting-edge research.

Microsoft Patch Tuesday, June 2016

June's Patch Tuesday doesn't hold many surprises and is similar to the past several months with 17 bulletins and 36 unique CVEs in Microsoft products as well as an additional 37 CVEs patched in Adobe Flash. Six of these bulletins are ranked as Critical while the other eleven are rated Important.

On the Critical list, Internet Explorer and Edge are back as always they always are, but the ten vulnerabilities in IE and the eight patched in Edge pale in comparison to previous months and years. One of the Critical bulletins in the Microsoft DNS server could be bad if an exploit is released publicly. The same goes for the Critical Office bulletin that is likely to be reused in social engineering attacks if an exploit is made public.

The biggest hit this month isn't even in a Microsoft product, but in Adobe Flash. Since Flash is embedded in Microsoft's IE and Edge browsers, Microsoft started including Adobe patches as a part of their own patch cycle in April. Last month 17 Critical vulnerabilities were patched in Flash and this month that count hits 37, more than all of the Microsoft vulnerabilities combined. Over the past two years, Flash has retained title of the most vulnerable and exploited piece of software installed on most systems. if you can't uninstall Flash completely I highly recommend a "click to play" Flash plugin. These are available for most web browsers and allow the user to choose what Flash content they want to see.

This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than users with administrative user rights.

This security update is rated Critical for Microsoft Edge on Windows 10.

This security update resolves vulnerabilities in the JScript and VBScript scripting engines in Microsoft Windows. The vulnerabilities could allow remote code execution if a user visits a specially crafted website. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited these vulnerabilities could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

This security update is rated Critical for affected versions of the JScript and VBScript scripting engines on supported releases of Windows Vista, and Moderate on Windows Server 2008 and Windows Server 2008 R2.

This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

See full Microsoft bulletin for affected versions of Microsoft Office.

This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker sends specially crafted requests to a DNS server.

This security update is rated Critical for all supported releases of Windows Server 2012 and Windows Server 2012 R2

MS16-072CVE-2016-3223ImportantSecurity Update for Group Policy

This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker launches a man-in-the-middle (MiTM) attack against the traffic passing between a domain controller and the target machine.

This security update is rated Important for all supported releases of Microsoft Windows.

This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application.

This security update is rated Important for all supported releases of Microsoft Windows.

This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow elevation of privilege if a user opens a specially crafted document or visits a specially crafted website.

This security update is rated Important for all supported releases of Microsoft Windows.

MS16-075CVE-2016-3225ImportantSecurity Update for Windows SMB Server

This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to the system and runs a specially crafted application.

This security update is rated Important for all supported releases of Microsoft Windows.

MS16-076CVE-2016-3228ImportantSecurity Update for Netlogon

This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker with access to a domain controller (DC) on a target network runs a specially crafted application to establish a secure channel to the DC as a replica domain controller.

This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if the Web Proxy Auto Discovery (WPAD) protocol falls back to a vulnerable proxy discovery process on a target system. To exploit the vulnerability, an attacker could respond to NetBIOS name requests for WPAD. The update addresses the vulnerability by correcting how Windows handles proxy discovery.

This security update is rated Important for all supported releases of Microsoft Windows.

This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application.

This security update is rated Important for all supported editions of Microsoft Windows 10.

MS16-079CVE-2016-0028ImportantSecurity Update for Microsoft Exchange

This security update resolves vulnerabilites in Microsoft Exchange Server. The most severe of the vulnerabilities could allow information disclosure if an attacker sends a specially crafted image URL in an Outlook Web Access (OWA) message that is loaded, without warning or filtering, from the attacker-controlled URL.

An email filter bypass exists in the way that Microsoft Exchange parses HTML messages that could allow information disclosure. An attacker who successfully exploited the vulnerability could identify, fingerprint, and track a user online if the user views email messages using Outlook Web Access (OWA). An attacker could also combine this vulnerability with another one, such as a Cross-Site Request Forgery (CSRF), to amplify the attack.

To exploit the vulnerability, an attacker could include specially crafted image URLs in OWA messages that could be loaded, without warning or filtering, from the attacker-controlled URL. This callback vector provides an information disclosure tactic used in web beacons and other types of tracking systems. The update corrects the way that Exchange parses HTML messages.

This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted .pdf file. An attacker who successfully exploited the vulnerabilities could cause arbitrary code to execute in the context of the current user. However, an attacker would have no way to force a user to open a specially crafted .pdf file.

This security update is rated Important for all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, and Windows 10.

MS16-081CVE-2016-3226ImportantSecurity Update for Active Directory

This security update resolves a vulnerability in Active Directory. The vulnerability could allow denial of service if an authenticated attacker creates multiple machine accounts. To exploit the vulnerability an attacker must have an account that has privileges to join machines to the domain.

This security update is rated Important for all supported editions of Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2.

In a web-based attack scenario where the user is using Internet Explorer for the desktop, an attacker could host a specially crafted website that is designed to exploit any of these vulnerabilities through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements.

This security update is rated Critical. The update addresses the vulnerabilities in Adobe Flash Player by updating the affected Adobe Flash libraries contained within Internet Explorer 10, Internet Explorer 11, and Microsoft Edge.